package com.atm.config;


import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @author shangqing.liu
 */

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().ignoringAntMatchers("/upload", "/deploy", "/viewLogs");
        http

                .authorizeRequests()
                .mvcMatchers("/static/**").permitAll()
                // 其他所有请求都需要认证
                .anyRequest().authenticated()
                .and()
                // 配置登录页面和处理登录逻辑的URL（如果需要的话）
                .formLogin()

                .loginProcessingUrl("/login")  // 提交登录表单的路径
                .defaultSuccessUrl("/", true)  // 登录成功后跳转的路径
                .permitAll() // 允许所有人访问登录页面
                .and()
                // 配置登出逻辑
                .logout()
                .permitAll(); // 允许所有人进行登出操作
    }

}
